The development of security-hardened embedded software is a challenge. Recently, vulnerabilities in products such as medical devices, industrial control systems, and automobiles have been exploited. However, firmware can be secured by following best practice architectures, implementation techniques, and software development processes. This course gives you the skills to harden your embedded software to prevent vulnerabilities and detect many types of attacks.

Length/Options

  • 2 days (hands-on)
  • 1 day (lecture only)

Audience

  • Embedded software developers who want to learn how to implement software techniques to increase embedded device security

Prerequisites

  • Working familiarity with the C programming language
  • Knowledge of embedded software fundamentals (i.e., the topics covered in our Embedded Software Boot Camp)

Related Courses

Outline

  • Introduction
    • A Brief History of Embedded Systems Attacks
    • Uniquely Embedded Concerns
    • Reliability as Security
    • Security Arms Race
    • Cryptography in a Nutshell
    • Weakest Link
    • Proper Role of Obscurity
  • Threat Assessment
    • Attackers and Assets
    • Attack Surface
    • Attack Trees
    • Security Policy
  • Random Numbers and Entropy
    • Randomness and Random Numbers
    • Entropy
    • Case Study: Not So Random Numbers
  • Data At Rest
    • Introduction
    • Block Ciphers
    • Cipher Modes
    • Hashes
    • Message Authentication Codes
  • Common Firmware Vulnerabilities
    • Backdoors
    • Bugs
    • Uncaught and Insecure
    • C++ Techniques
    • Change of Execution Attacks
    • Disassembly and Reverse Engineering
    • Denial of Service
  • Defensive Software Architectures
    • Complexity Kills
    • Review: Scheduling and RMA
    • Secure RTOSes
    • Memory Partitioning and Protection
    • CPU Time Partitioning
    • Locking Down the Firmware
  • Defensive Hardware Interfaces
    • Exception Handling
    • Race Conditions
    • User Interface
    • Case Study: A/D Converters
    • FPGA Security
  • Secure Software Process
    • Capturing Security Requirements
    • Secure Coding Standard
    • Peer Code Reviews
    • Security Analysis Tools
    • Modeling & Code Generation
    • Security Testing Techniques
  • Related Topics
    • FMEA, FTA, MTBF
    • Entity Authentication
    • Open Source
    • Jailbreaking & DMCA

Learn More

To request pricing or dates, or for more information about this course, contact us.

Find out More

Contact us now to find out more about this course or to enquire about an on-site training at your company.

Recording Policy

Barr Group's courses may not be audiotaped, videotaped, or photographed without consent from Barr Group's executive team.